PLATFORM:

ABSTRACT:

REFERENCE LINKS:

IMPACT ASSESSMENT:

Medium

DISCUSSION:

Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of arbitrary signed Xtras via a Shockwave movie that contains an Xtra URL, as demonstrated by a URL for an outdated Xtra.

IMPACT:

By convincing a user to view a specially crafted Shockwave content, an attacker may be able to execute arbitrary code with the privileges of the user.